Bug #3236: ISeq.load で [BUG] iseq_set_sequence: ic_index overflow が発生
http://redmine.ruby-lang.org/issues/show/3236
起票者: Tomoyuki C.
ステータス: Open, 優先度: Normal
担当者: Koichi Sasada, カテゴリ: YARV
ruby -v: ruby 1.9.2dev (2010-05-02 trunk 27590) [x86_64-darwin10.3.0]
RubyGems の iseq ライブラリを利用して、定数やインスタンス変数の参照を含むスクリプトをコンパイルしたものを load しようとすると以下のようなメッセージでエラーになります。
$ cat iseq_load.rb
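# Bug #3236 reproduction: round-trip a compiled "@a[0]" (inline-cache operands) through ISeq.load
require "iseq"
iseq = ISeq.compile("@a[0]") # getinstancevariable / opt_aref carry ic:N operands
puts iseq.disasm
ISeq.load(iseq.to_a) # line 5: rebuilding the iseq from the Array is what raises the [BUG]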
$ ruby-trunk -v iseq_load.rb
ruby 1.9.2dev (2010-05-02 trunk 27590) [x86_64-darwin10.3.0]
== disasm: <RubyVM::InstructionSequence:@>==========
0000 trace 1 ( 1)
0002 getinstancevariable :@a, ic:0
0005 putobject 0
0007 opt_aref ic:2
0009 leave
iseq_load.rb:5: [BUG] iseq_set_sequence: ic_index overflow: index: 2, size: 0
ruby 1.9.2dev (2010-05-02 trunk 27590) [x86_64-darwin10.3.0]
-- control frame ----------
c:0004 p:---- s:0011 b:0011 l:000010 d:000010 CFUNC :load
c:0003 p:0075 s:0007 b:0007 l:0014a8 d:000bc0 EVAL iseq_load.rb:5
c:0002 p:---- s:0004 b:0004 l:000003 d:000003 FINISH
c:0001 p:0000 s:0002 b:0002 l:0014a8 d:0014a8 TOP
-- Ruby level backtrace information
iseq_load.rb:5:in `<main>'
iseq_load.rb:5:in `load'
-- C level backtrace information
0 ruby-trunk 0x0000000100177acb rb_vm_bugreport + 120
1 ruby-trunk 0x0000000100034f90 report_bug + 313
2 ruby-trunk 0x00000001000350b5 rb_bug + 241
3 ruby-trunk 0x000000010014a328 iseq_set_sequence + 2456
4 ruby-trunk 0x0000000100148f1c iseq_setup + 118
5 ruby-trunk 0x00000001001590e5 iseq_build_body + 2250
6 ruby-trunk 0x000000010015989f rb_iseq_build_from_ary + 1789
7 ruby-trunk 0x000000010015bbe3 iseq_load + 1788
8 ruby-trunk 0x000000010015bcb2 rb_iseq_load - 47
9 iseq.bundle 0x0000000100540eb5 iseq_s_load + 53
10 ruby-trunk 0x000000010016b040 call_cfunc + 282
11 ruby-trunk 0x000000010016aea7 vm_call_cfunc - 284
12 ruby-trunk 0x000000010016a07c vm_call_method + 373
13 ruby-trunk 0x0000000100164cae vm_exec_core - 11207
14 ruby-trunk 0x00000001001745e9 vm_exec + 147
15 ruby-trunk 0x0000000100174fca rb_iseq_eval_main + 45
16 ruby-trunk 0x0000000100039cd9 ruby_exec_internal + 193
17 ruby-trunk 0x0000000100039dfd ruby_exec_node + 30
18 ruby-trunk 0x0000000100039dd0 ruby_run_node - 56
19 ruby-trunk 0x0000000100000dcb main + 79
20 ruby-trunk 0x0000000100000d74 start + 52
21 ??? 0x0000000000000003 0x0 + 3
[NOTE]
You may have encountered a bug in the Ruby interpreter or extension
libraries.
Bug reports are welcome.
For details: http://www.ruby-lang.org/bugreport.html
配列から iseq を構築する時にインラインキャッシュのサイズ(ic_size)を復元していない為のようです。以下の修正で、make check でエラーが増えないことと、標準添付のライブラリ($prefix/lib/ruby/1.9.1/**/*.rb)が全て ISeq.load できることを確認しました。
ついでに、上記でひっかかっている ic_index と ic_size のチェックには等号が抜けているようでしたのでそれも追加しています。
Index: compile.c
— compile.c (revision 27590)
+++ compile.c (working copy)
@@ -1434,7 +1434,7 @@
{
int ic_index = FIX2INT(operands[j]);
IC ic = &iseq->ic_entries[ic_index];
-
if (UNLIKELY(ic_index > iseq->ic_size)) {
-
if (UNLIKELY(ic_index >= iseq->ic_size)) { rb_bug("iseq_set_sequence: ic_index overflow: index: %d, size:
%d",
ic_index, iseq->ic_size);
}
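Review bot: The corrected bounds check still runs after `IC ic = &iseq->ic_entries[ic_index];` two lines above it, so an out-of-range ic_index from a loaded array forms an out-of-bounds pointer before rb_bug() is ever reached; the check belongs before the pointer computation, e.g. declare `IC ic;` with the other locals, keep the new `>=` test, and assign `ic = &iseq->ic_entries[ic_index];` after it (keeping declarations first if this file stays C89). The new `>=` test also accepts a negative ic_index, which FIX2INT can yield for a hand-built array, so `ic_index < 0 ||` should be part of the same condition; the same gap appears to apply to the `NUM2INT(op) >= iseq->ic_size` recovery in the second hunk, whose end lies outside this view. iseq_set_sequence itself begins and ends outside the hunk.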
@@ -5269,6 +5269,8 @@
break;
case TS_IC:
argv[j] = op;
-
if (NUM2INT(op) >= iseq->ic_size)
-
iseq->ic_size = NUM2INT(op) + 1; break; case TS_ID: argv[j] = rb_convert_type(op, T_SYMBOL,